Product Description

FortiWeb is a Web Application Firewall (WAF) produced by the Fortinet company. It enables users to set security filters between unsecured networks and Web applications.

Official website:


Access Vector: remote

Security Risk: low

Vulnerability: CWE-200

CVSS Base Score: 4.9


Vulnerability description

The FortiWeb appliance discloses the SNMP version 3 user’s password. The web page displayed by the appliance contains the password in clear text.

Thus, an administrator with at least read-only access would be able to retrieve it.


To obtain this password, navigate in the administration panel to: System -> Config -> SNMP -> edit SNMPv3 user.

Reading the HTML source code of the page reveals the password of the SNMP user.
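The defect described above (a secret returned to the browser inside the page source) can be caught in a regression check run against a saved copy of an administration page. The following Python is an added example, not part of this advisory and not Fortinet code; the form, field names and values in SAMPLE_PAGE are constructed and do not reproduce the FortiWeb page. It flags two things: input fields that come back prefilled with a secret-looking value (ignoring masked placeholders such as `********`), and a known secret value appearing anywhere in the response, including when it is HTML-entity encoded.

```python
"""Audit an HTML page for secrets echoed back in clear text.

Added example (hypothetical, not Fortinet code). Two checks:
  1. audit_html():            <input> fields prefilled with a secret-looking value
  2. contains_known_secret(): a known secret present anywhere in the page source
"""
from __future__ import annotations

import html
from dataclasses import dataclass
from html.parser import HTMLParser

# Field names that commonly carry secrets in a form (assumed heuristics).
SECRET_NAME_HINTS = ("pass", "pwd", "secret", "priv", "key")
# Characters used by UIs to show a masked placeholder instead of the value.
MASK_CHARS = set("*\u2022\u00b7x")


@dataclass
class Finding:
    name: str        # name or id of the input element
    field_type: str  # value of the type attribute
    value: str       # the prefilled value that was disclosed


def is_masked(value: str) -> bool:
    """True when the value is only a placeholder such as '********'."""
    return bool(value) and set(value) <= MASK_CHARS


class SecretFieldAuditor(HTMLParser):
    """Collect <input> elements that are prefilled with a secret-looking value."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[Finding] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag != "input":
            return
        a = dict(attrs)
        name = (a.get("name") or a.get("id") or "").lower()
        field_type = (a.get("type") or "text").lower()
        value = a.get("value") or ""
        if not value or is_masked(value):
            return  # an empty or masked field discloses nothing
        looks_secret = field_type == "password" or any(
            hint in name for hint in SECRET_NAME_HINTS
        )
        if looks_secret:
            self.findings.append(Finding(name, field_type, value))


def audit_html(page: str) -> list[Finding]:
    """Return every prefilled secret-looking input found in the page source."""
    parser = SecretFieldAuditor()
    parser.feed(page)
    parser.close()
    return parser.findings


def contains_known_secret(page: str, secret: str) -> bool:
    """True if a secret you configured appears in the response, raw or entity-encoded.

    Use this after setting a known test password on the appliance: the page
    must never contain it, whatever element it would be embedded in.
    """
    return secret in page or secret in html.unescape(page)


# Constructed sample: a fictional "edit SNMPv3 user" form, not the real page.
SAMPLE_PAGE = """
<form id="snmpv3-user">
  <input type="text" name="username" value="monitor">
  <input type="password" name="auth_pwd" value="Sup3rS3cret!">
  <input type="password" name="priv_pwd" value="********">
  <input type="hidden" name="csrf_token" value="abc123">
</form>
"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE):
        print(f"disclosed field: {f.name} (type={f.field_type})")
    print("known secret echoed:", contains_known_secret(SAMPLE_PAGE, "Sup3rS3cret!"))
```

The heuristic check is useful for a first pass over many pages; the known-value check is the one to keep in a regression suite, since it is independent of how the page is built and catches secrets embedded in inline scripts as well as in form fields.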

Affected version

  • FortiWeb 5.4.1 through 5.8.2


Solution

Upgrade to FortiWeb version 5.8.3


Timeline (dd/mm/yyyy)

  • 03/05/2017 : Initial discovery
  • 05/06/2017 : First contact with customer support
  • 23/06/2017 : Reply from PSIRT team
  • 27/06/2017 : Providing all details to the PSIRT team
  • 28/06/2017 : Acknowledgment by the Fortinet PSIRT team, registration of CVE-2017-7737 and scheduling of the fix for version 5.8.3
  • 12/08/2017 : Publication of the Fortinet PSIRT advisory
  • 20/11/2017 : Sysdream publication

(Congratulations to the Fortinet team for the very professional and quick handling of this issue)


Credits

  • Florian NIVETTE, Sysdream (f.nivette -at- sysdream -dot- com)
